How to use Netdom.exe to reset machine account passwords of a Windows Server domain controllerSupport for Windows Server 2003 ended on July 14, 2015 Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected. This article was previously published under Q325850 This step-by-step article describes how to use Netdom.exe to reset machine account passwords of a domain controller in Windows Server 2008 R2, in Windows Server 2008, or in Windows Server 2003. Each Windows-based computer maintains a machine account password history that contains the current and previous passwords that are used for the account. When two computers try to authenticate with each other and a change to the current password is not yet received, Windows relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may not be able to communicate, and you may receive error messages. For example, you may receive "Access Denied" error messages when Active Directory replication occurs. This behavior also applies to replication between domain controllers of the same domain. If the domain controllers that are not replicating reside in two different domains, look at the trust relationship more closely. You cannot change the machine account password by using the Active Directory Users and Computers snap-in, but you can reset the password by using the Netdom.exe tool. The Netdom.exe tool is included in the Windows Support Tools for Windows Server 2003. The Netdom.exe tool is also included in Windows Server 2008 R2 and in Windows Server 2008. The Netdom.exe tool resets the account password on the computer locally (known as a "local secret") and writes this change to the computer's computer account object on a Windows domain controller that resides in the same domain. Simultaneously writing the new password to both places ensures that at least the two computers involved in the operation are synchronized, and starts Active Directory replication so that other domain controllers receive the change. The following procedure describes how to use the netdom command to reset a machine account password. This procedure is most frequently used on domain controllers, but also applies to any Windows machine account. You must run the tool locally, from the Windows-based computer whose password you want to change. Additionally, you must have administrative permissions locally and on the computer account's object in Active Directory to run Netdom.exe. back to the top Use Netdom.exe to Reset a Machine Account Password
Properties Article ID: 325850 - Last Review: 08/24/2009 23:01:00 - Revision: 9.0 Applies to Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Standard, Windows Server 2008 Enterprise, Windows Server 2008 Datacenter, Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, 64-Bit Datacenter Edition, Microsoft Windows Small Business Server 2003 Premium Edition, Microsoft Windows Small Business Server 2003 Standard Edition, MSN 9.6 Keywords:
https://support.microsoft.com/en-us/kb/325850 |
Windows Links >